The fight for the future of cloud
The Federal Trade Commission got an earful from managed services providers, trade groups and antitrust activists about cloud business practices.
On June 22, 2023, executives from Microsoft, Amazon Web Services, Oracle and IBM spoke on a think tank panel about how competition was guiding cloud services providers toward greater data interoperability and cooperation.
“The market is driving us toward open clouds where we do collaborate more with each other,” said Scott Jordan, Oracle’s vice president of federal civilian cloud sales, at the event hosted by the Center for Strategic and International Studies. “That’s good for customers and, ultimately, it will be good for business. We will still compete, but that competition drives the innovation that the customer needs and deserves.”
But around that time, some of the same companies were writing comments to the Federal Trade Commission in response to a regulatory inquiry, blasting their rivals for alleged anticompetitive business practices.
In broad strokes, digital native companies like Google and AWS are at odds with legacy software companies such as Microsoft and Oracle over pricing, incentives and data portability issues that allegedly hinder customers from selecting new cloud vendors and moving their workloads to new clouds. Some of the digital natives are looking for regulations to level the playing field while legacy providers tend to believe that the market for managed services as currently constituted is working.
How this debate plays out will have consequences for the U.S. government, which is expected to spend upwards of $16 billion on cloud computing services in fiscal year 2023, according to a recent forecast from Deltek.
“Essentially, every government entity is a multicloud user, largely because of the pure definition of cloud services and they will all have more than one software-as-a-service provider,” said Michael Brown, a VP Analyst in Gartner’s Government and Education team and a former U.S. Immigration and Customs Enforcement chief information officer.
“Where the real discussion and, perhaps, the concerns might be is around infrastructure-as-a service and not software-as-a-service and can agencies effectively use multiple infrastructure-as-a service providers and what are the implications?” Brown said.
A problem of workloads
The FTC issued its call for comments in March, seeking insights into how cloud computing businesses operate, centering on issues like cloud security practices, the widespread impacts of a single point of failure in a cloud environment and business practices affecting the market.
Some cloud service providers took the opportunity to air long-held complaints alleging that competitors are inhibiting the ability of their customers to move their data to other vendors, making it difficult to support diverse software applications and other tools, effectively forcing users to remain in their current cloud networks.
The crux of the arguments against Microsoft and Oracle hinge on allegations that the companies leverage software licensing agreements in their contracts to limit the interoperability of their software suites on other clouds.
“While interoperability and open source technologies are prevalent across the industry … a small number of legacy on-premises software providers, such as Microsoft, Oracle and others, are using their strong positions in non-cloud markets, such as productivity software, server operating systems and applications and desktop operating systems, to give their own cloud products an unearned advantage and lock customers into their cloud ecosystems,” Google Cloud wrote in its FTC comments.
Microsoft took a different tack in its comments, praising rivals and characterizing the cloud marketplace as “highly dynamic and competitive." The company went on to point out that the robust competition allows for customers to determine which cloud, or on-premise, capability best serves which workload.
“After deciding to move to a cloud services provider, customers do not necessarily continue with that provider for all new work. Rather, customers constantly make choices between cloud providers for where to deploy new projects,” Microsoft wrote. “This recurring competition spurs product innovation, a steady downward pricing trend and allows customers to choose from a wide range of services provided by both independent vendors and cloud providers.”
Oracle and others also attacked cloud rival and market leader Amazon Web Services for alleged anti-competitive practices, leaving the FTC to sort out the many pointed fingers of industry and how they affect issues like data interoperability and vendor lock in what is a diverse federal market.
“That’s what’s so interesting about the range of issues that are raised in all of the comments, they begin to peel back a lot of the layers of limitations there are on the data portability questions,” said Ryan Triplette, executive director of the Coalition for Fair Software Licensing — a group that launched in September 2022 and campaigns against restrictive software licensing practices.
As cloud adoption has grown globally, competition in the market has grown more intense. An April report from Gartner projected that worldwide end-user spending on public cloud services would reach $597.3 billion in 2023, a 21.7% increase over the prior year.
Because cloud capabilities are the bedrock for emerging technologies like generative artificial intelligence and can help facilitate critical operations like zero trust, spending is forecasted to grow to $724.6 billion worldwide in 2024.
According to Deltek, U.S. government spending on cloud computing is growing by about 15% annually.
The speed of AI adoption and recent policy on zero trust are among a myriad of issues fueling cloud adoption in the federal government, alongside practical issues like modernization and potential cost savings. In its FTC letter, Microsoft pointed to AI and machine learning as applications that are likely to drive further competition in the market.
But the diverse needs of federal agencies have led to a technology environment where customers are adopting multiple cloud networks, a hybrid mix of cloud and on-premise servers or both. The main challenge for those customers is ensuring their data can work across their information technology environments no matter what their configuration is.
“When we survey users of cloud services, particularly government users of cloud services, we find the reason they have multiple infrastructure-as-a-service providers is that they want to be able to fit the workload that they are migrating to the cloud to the best possible venue, which means availing themselves of some of those unique features of a cloud service provider,” Brown said.
The market conflict emerges when a customer wants to migrate their workloads from an on-prem environment to the cloud or shift it from one cloud network to another.
The cloud market is generally divided into three service models — infrastructure-as-a-service, platform-as-a-service and software-as-a-service — with a range of subcomponents and functions.
While IaaS provides the network, storage and compute functions of cloud, PaaS can provide cloud-based operating systems and database functions. SaaS includes a range of software suites, such as Microsoft’s Outlook 365 and Google's Workspace.
According to Gartner’s forecast, SaaS services led worldwide cloud spending with $167.3 billion in 2022 and it is projected to continue pace over the next two years, followed by IaaS and PaaS, respectively.
While the cloud market remains robust for cloud service providers, the concern reflected by Google and others is that some Microsoft software products may not allow for interoperability with competing cloud networks, whether it’s a legacy on-prem software or a SaaS.
Because both Microsoft and Oracle have deep histories with the federal government in providing operating systems and database applications respectively, the concern is that they use those products as a wedge to favor their own cloud networks, either by making migration easier or making it more expensive to license the software on a competitor's cloud.
"Enterprise and public sector customers with expansive portfolios of previously purchased, on-premises Microsoft software are faced with increasing restrictions, prohibitions and surcharges when they attempt to migrate those on-premises workloads to an Azure competitor. These restrictions don’t have any technical justification and didn’t otherwise exist when those customers originally bought the software from Microsoft," Google stated in its comments to the FTC.
As government contracts attorney Michael Garland told Nextgov/FCW: “When you buy a car from General Motors, they don’t determine where you are allowed to park.”
A spokesperson for Microsoft declined to comment directly on the FTC docket. However, in its FTC letter, Microsoft noted that software containers can be used to virtualize an operating system and allow a software application to run on multiple cloud environments without altering their infrastructure.
Furthermore, the company pointed to examples of other competitors, such as Amazon, “with incentives to develop an at-scale cloud for their own use may also enter the market by opening up their private cloud to deliver services to others,” implying that there are fewer barriers to the IaaS or PaaS markets.
Billing questions
But it’s not just Microsoft and Oracle that are in the comment crosshairs. Oracle executives were among those that took aim at cloud market leader AWS in their letter to the FTC, outlining what they called “leverage predatory billing practices to exclude competition.”
Oracle focused its complaint on two issues: fees AWS charges customers to move data to another vendor’s cloud network, known as egress fees, and a software marketplace that allows third party vendors to sell their tools to U.S. intelligence agencies.
Pointing to a 2021 Cloudflare blog examining AWS’ egress fees that claimed the company marked up U.S. customers approximately 80 times its transactional costs, Oracle said the practice was a way to lock customers into AWS cloud environments and was antithetical to multi-cloud practices.
With AWS’ Amazon Intelligence Community Marketplace, Oracle alleged that the company uses the platform “to take a substantial cut of the vendor’s gross sales, and bar vendors from making up the difference by increasing the base price” while driving software vendors to AWS cloud networks.
AWS characterized these allegations as "myths" in their FTC comment.
"AWS does not charge separate fees for egress — that is, for switching data to another IT provider — and a vast majority of our customers pay nothing for data transfer because we provide them with 100 gigabytes per month for free,” the spokesperson said. “Like all large-scale cloud service providers, AWS customers that use the network more extensively pay a service fee to transfer data within or out of AWS regardless of the reason for the transfer. AWS customers make hundreds of millions of data transfers each day in the ordinary course of business, and AWS is generally unaware of the reason a customer is transferring data."
Triplette, whose organization has also been critical of Microsoft, said that concerns over software licensing agreements could be further illuminated by the oversight of public sector cloud contracts.
“We’ve heard concerns raised by other competitors in the market with legacy providers using, I would say, a kind of hook-in to a [request for proposal] for one product to wedge their cloud products in from an adjacent market and effectively, in a lot of ways, circumventing traditional procurement practices,” she said. “That’s part of the reason the coalition has been supportive of the Strengthening Agency Management and Oversight of Software Assets Act to do just that.”
That bill, known by its acronym SAMOSA, would require agencies to report in more detail on their software assets, spending and utilization rates, but also “identify potential mitigations to minimize software license restrictions on how such software can be deployed, accessed or used.”
The bill advanced out of committee in May and awaits a floor vote in the Senate.
But Brown said there could be another market solution to the problem, one that can be found in both one of the intelligence community’s more recent acquisition successes and one of the Department of Defense’s most contentious acquisition failures.
The JEDI lesson
After more than four years of legal wrangling among the major cloud services providers vying for a $10 billion enterprise cloud contract known as the Joint Enterprise Defense Infrastructure, Pentagon officials canceled the contract in favor of a multi-cloud award known as the Joint Warfighting Cloud Capability.
The JWCC playbook closely mirrored the intelligence community’s noncontroversial shift to multi-cloud with its own Commercial Cloud Enterprise contract, and Brown said both provide a blueprint for CSPs to resolve their interoperability grievances.
“I think that’s likely to be a continuing model for large-scale contracts for cloud service providers,” he said. “The federal government will do a multiple award [contract] to avoid a protracted, and often very difficult to overcome, protest circumstances. Now, that effectively just transfers that problem down to the task order level, but at the task order level, the dollar values are smaller and this may be easier to contend with.”
Industry seems to think so as well. At the CSIS panel, Oracle's Scott Jordan pointed to JWCC as a step forward in how the federal government could adopt cloud services.
“In my opinion, they got the model right,” he said. “Based on the requirements you have, you can foster competition for the best price, the best performance, the best solution for the end user. I think that model is improving in the federal market. I still think we have a long way to go; I think that JWCC is a model that should be replicated throughout the market.”
Another solution, Brown noted, is the use of DevSecOps practices in software factories within agencies, where software applications can be designed to effectively run as vendor-neutral across infrastructures.
But where the FTC may go from here remains to be seen. The comment solicitation closed on June 21, and a spokesperson for the agency told Nextgov/FCW that it would “now review the comments before deciding on any possible next steps.”
Garland said the agency could consider a policy analogous to 1990s-era telecommunications regulations that allowed customers to retain their phone number when switching mobile carriers.
“The FTC should focus its attention on reducing or getting rid of mobility restrictions,” he said. “They could look to the way the [Federal Communications Commission] forced mobile phone mobility so you could take your phone number to another carrier, which, previously, you couldn’t do. You had to start over with a new phone number, which was obviously an inhibitor to move carriers.”
Brown said there’s no lack of competition, or regulation, in the cloud market, but the FTC’s inquiry suggests the agency is considering how to possibly regulate it further.
“Now it’s a question of does the playing field get more leveled in favor of, say, Oracle, Google and IBM,” he said.